3/09/2010

LDAP and Apache Integration

To require LDAP authentication for a specific location on my Apache web server, with my OpenLDAP server as the backend, I used the following configuration in /etc/httpd/conf.d/ldapauth.conf:


LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ca-bundle.crt
LDAPTrustedClientCert CERT_BASE64 /etc/pki/tls/certs/localhost.pem

Options Indexes FollowSymLinks
AuthType Basic
AuthName "LDAP Authentication"
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://localhost.localdomain/dc=fedora,dc=test?uid??"
AuthLDAPBindDN uid=Patricia,ou=People,dc=fedora,dc=test
AuthLDAPBindPassword supersecret
require valid-user


I did use the Makefile in /etc/pki/tls/certs to "make localhost.pem" and copied it to the /etc/pki/tls/private directory as well. Here is what was in my slapd.conf (before it got slurped into the /etc/openldap/slapd.d directory).

[root@earth openldap]# grep -v '^$' slapd.conf | grep -v '^#'
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/localhost.pem
TLSCertificateKeyFile /etc/pki/tls/private/localhost.pem
database bdb
suffix "dc=fedora,dc=test"
checkpoint 1024 15
rootdn "cn=Manager,dc=fedora,dc=test"
rootpw simple
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor
access to *
by dn.exact="cn=Manager,dc=fedora,dc=test" read
by * none
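A few things in the two listings above are worth checking before this goes anywhere beyond a test box: the AuthLDAPURL is plain ldap:// and nothing sets LDAPTrustedMode, so the TLS certificate directives do not actually protect the bind; the bind password and rootpw sit in cleartext; AuthBasicAuthoritative/AuthzLDAPAuthoritative are off; and the only access directive comes after "database monitor", which leaves the bdb database on OpenLDAP's default "access to * by * read". The script below is an added example, not code from the post: it parses both configuration formats, reports those findings on samples constructed from the page's own directives, and shows assumed hardened variants (the exec: bind-password form, the security directive, the userPassword ACL and the helper path are this example's assumptions, not something the post describes).

```python
"""Audit the ldapauth.conf fragment and slapd.conf listing shown above.
Added example, not code from the original post: WEAK_* strings are built from
directives on the page; HARDENED_* strings, checks, messages and paths are
this example's own assumptions."""

# Constructed from the page's ldapauth.conf (AuthType, provider, cert and AuthName lines omitted).
WEAK_HTTPD = """\
AuthBasicAuthoritative off
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://localhost.localdomain/dc=fedora,dc=test?uid??"
AuthLDAPBindDN uid=Patricia,ou=People,dc=fedora,dc=test
AuthLDAPBindPassword supersecret
"""
# Assumed hardening: STARTTLS forced, no fall-through, bind password fetched by
# a helper (exec: exists from httpd 2.4.5; the helper path is a placeholder).
HARDENED_HTTPD = """\
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ca-bundle.crt
LDAPTrustedMode TLS
AuthBasicAuthoritative on
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://localhost.localdomain/dc=fedora,dc=test?uid??"
AuthLDAPBindDN uid=Patricia,ou=People,dc=fedora,dc=test
AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-pw"
"""
# Constructed from the page's slapd.conf (includes, indexes, CA/key lines omitted).
WEAK_SLAPD = """\
allow bind_v2
TLSCertificateFile /etc/pki/tls/certs/localhost.pem
database bdb
rootdn "cn=Manager,dc=fedora,dc=test"
rootpw simple
database monitor
access to * by dn.exact="cn=Manager,dc=fedora,dc=test" read by * none
"""
# Assumed hardening: simple binds only over TLS, global ACLs that guard
# userPassword, and a slappasswd-style hash (placeholder value).
HARDENED_SLAPD = """\
security simple_bind=128
TLSCertificateFile /etc/pki/tls/certs/localhost.pem
access to attrs=userPassword by self write by anonymous auth by * none
access to * by * read
database bdb
rootdn "cn=Manager,dc=fedora,dc=test"
rootpw {SSHA}PLACEHOLDER_FROM_SLAPPASSWD
database monitor
access to * by dn.exact="cn=Manager,dc=fedora,dc=test" read by * none
"""


def directives(text):
    """Yield (name_lowercased, argument) for each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            yield name.lower(), arg.strip()


def audit_httpd(text):
    """Return findings for a mod_authnz_ldap fragment."""
    d, out = dict(directives(text)), []
    url = d.get("authldapurl", "").strip('"')
    if url.startswith("ldap://") and d.get("ldaptrustedmode", "").upper() != "TLS":
        out.append("httpd: ldap:// without 'LDAPTrustedMode TLS'; passwords cross the socket in cleartext")
    pw = d.get("authldapbindpassword", "").strip('"')
    if pw and not pw.startswith("exec:"):
        out.append("httpd: AuthLDAPBindPassword is cleartext; restrict the file and keep the bind DN read-only")
    for name in ("authbasicauthoritative", "authzldapauthoritative"):
        if d.get(name, "").lower() == "off":
            out.append(f"httpd: {name} off lets a failed LDAP check fall through to other providers")
    return out


def audit_slapd(text):
    """Return findings for a slapd.conf listing."""
    out, db, acls, global_acls, d = [], None, {}, 0, {}
    for name, arg in directives(text):
        if name == "database":
            db, acls[arg] = arg, 0
        elif name == "access":          # an ACL belongs to the most recent 'database' line
            if db is None:
                global_acls += 1
            else:
                acls[db] += 1
        elif name != "by":
            d[name] = arg
    if "rootpw" in d and not d["rootpw"].strip('"').startswith("{"):
        out.append("slapd: rootpw is cleartext; paste a slappasswd-generated {SSHA} hash")
    if "tlscertificatefile" in d and "security" not in d:
        out.append("slapd: TLS configured but no 'security' directive requires it; cleartext binds accepted")
    if "bind_v2" in d.get("allow", "").split():
        out.append("slapd: 'allow bind_v2' enables legacy LDAPv2 binds")
    for name, n in acls.items():
        if name not in ("monitor", "config") and n == 0 and global_acls == 0:
            out.append(f"slapd: database {name} has no ACLs; the default 'access to * by * read' "
                       "lets anyone read userPassword hashes")
    return out
```

Running audit_httpd and audit_slapd on the WEAK_* samples reports four findings each; the HARDENED_* samples report none. The parser is deliberately minimal (one directive per line, no line continuations), which is enough for listings like the ones in this post but not a substitute for slaptest or apachectl configtest.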

2 comments:

wright.keith said...

To generate an encrypted rootpw for slapd.conf use the slappasswd command.

Patricia said...

...nerdy you are, I like!

About Me - WrightRocket


I've worked with computers for over 30 years, programming, administering, using and building them from scratch.

I'm an instructor for technical computer courses, an editor and developer of training manuals, and an Android developer.